[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-ietf-ipsec-arch-sec-02.txt and last call
Hi,
I wanted to figure out what are the reasons for having
the "discard" function as a part of the security policy configuration.
This functionality is provided by the Firewall/traffic filters
which already implement them pretty well.
In the security architecture for IPSec shouldn't we restrict the
context to when and how to perform security processing? On a
multiport router being a security gateway, implementing a discard
policy based on any of the REQUIRED selectors will be detrimental to
the performance.
Inder
>>>>> Robert Moskowitz <rgm3@chrysler.com> writes:
RM> I really hate last minute things, but I need to point out to all of you
RM> that we only have until the 21st 5pm to get anymore drafts in. This does
RM> not give Karen and Steve much time, or all of us for that matter.
RM> So PLEASE read the draft tonight! Look at it carefully and get your
RM> comments off to Karen. We will see what we can do to incorporate any
RM> REASONABLE corrections.
RM> If there are any burning issues, email me directly. Ted has to dash out of
RM> the country for a few days, so I am holding the bag for the rest of the
RM> week, so to speak.
RM> It would be real significant if we can go to DC with all of these documents
RM> having completed last call and ready to submit as RFCs. Then we can start
RM> collecting the next round of work items; sigh.
RM> Robert Moskowitz
RM> Chrysler Corporation
RM> (810) 758-8212
Follow-Ups:
References: